Azure AD group-based license management for Office 365 and more
This looks awesome - simplify licence management for Office 365, EMS, Dynamics 365 and more with the new group-based licensing preview in AzureAD: Microsoft cloud services such as Office 365, Enterprise Mobility + Security, Dynamics CRM, and other similar products require licenses to be assigned to each user who needs access to these services.Until now, licenses could only be assigned at individual user level, which can male large-scale management difficult for our customers. We have introduced a new capability of the Azure AD license management system: group-based licensing. It is now possible to assign one or more product licenses to a group. Azure AD will make sure that the licenses are assigned to all members of the group. Any new members joining the group will be assigned the appropriate licenses and when they leave the group those licenses will be removed. This eliminates the need for automating license management via PowerShell to reflect changes in the organization and departmental structure on a per-user basis. Here is the documentation with the steps to get started - What is group-based licensing in Azure Active Directory?Agent for Identity Manager to sync to Azure AD
I colleague asks if there is a way to use MIM/FIM to sync to Azure AD? I recall that there used to be a FIM agent that you used in multi-forest scenarios. Today AAD Connect handles multi-forest. This company already has Identify Manager deployed and uses it heavily, so they want use it instead of deploying Azure AD connect if possible.
Access Panel New Tiles
We just noticed this morning that additional tiles have appeared in our User's Access Panels (https://account.activedirectory.windowsazure.com/r#/applications). These include the office apps (Excel, Word, Powerpoint), OneDrive, Sway, Yammer, Video, PowerApps, Planner, Newsfeed, Dynamics 365, Delve, and Flow. I know that I should be able to manage some of these appearing by disabling them in the Admin portal but is there also a way to manage the others? I can't necessarily disable office apps within 365, I need for the Microsoft graph but I dont want it on the Access Panel. Any ideas?Device-based Conditional Access policies for SharePoint are in public preview
This is really cool! "Working with the SharePoint team, we’ve created a great new feature in the conditional access experience that I think you’re going to love: the ability to limit a user’s ability to download, print and sync based on the state of their device." Conditional Access “limited access” policies for SharePoint are in public preview! There is a useful blog post from the SharePoint Community with even more details including a FAQ: Device-based Conditional Access Policies Rolling out to First Release for SharePoint and OneDrive This confirms that an Azure AD Premium (P1) license, as well as Intune licenses, are required to use these new policies. The Office 365 Tenant must be set up for First Release as well. As well as this, there is an Office support article - Control access from unmanaged devices.AADSTS65001: The user or administrator has not consented to use the application with ID
Hi all, We have a scenario where we are trying to connect Dynamics 365 Operations to Scribe Online. We have registered App on Azure and got the Client Id and Authentication URI. While using this ID and URI, we are facing the below error. I have followed the following steps: 1. Service Administrator created a NativeApplication under Azure Active Directory (App registrations) 2. Granted All the Microsoft ERP Permission required. 3. Cloud User isadded to the above Azure Active Directory. I have refered to following Sites for creating connections: 1. Connecting to D365 Operations using Scribe Online. 2. Active Directory for Integrating Applications NOTE: By performing the abovesteps, we were able to connect to 3 of our Client environments. But for one of our recent client, we weren't able to connect to their environment. Kindly suggest if I am missing anything. Thanks in AdvanceConditional Access for Exchange Online - Missing the Groups App !!
Hi everyone, We were waiting for a long time for a way to restrict access from mobile to Exchange Online except from Outlook mobile app on android and IOS. We see now that this is possible via conditional access as per this article: https://blogs.technet.microsoft.com/configmgrdogs/2016/11/02/restrict-iosandroid-e-mail-to-outlook-using-conditional-access-for-mam/ The thing microsoft did not include is the Office Group App. When I applied the above to my account, it is clear that the native mail client on my IOS is not syncing any more which is good, but now my office groups app is not working because it needs to access the conversation section which is in the background a shared mailbox in Exchange Online So now We are back to square one. I cannot use this amazing control until office groups mobile app works. Can someone from Microsoft deliver this to the product group to look at it please?The final push to GA "Azure AD in new Azure Portal": We need your help!
Hello folks, We`re making our final push to the General Availability of "Azure Active Directory in the new Azure Portal", and we need your help to make sure it is great for you. As Alex Simons shared: "Last September we shared the first preview of the new administration experience for Azure Active Directory in the new Azure portal. Since then, we’ve added lots of new functionality, including reporting, app management, conditional access, B2B, and licensing. Many of you are using the new experience regularly – in fact, over half a million of you are using it, from almost every country in the world, with usage increasing by about 25% each month. We appreciate all your positive feedback, and love the constructive feedback that’s helped us make an even stronger product. But there are still a LOT of you using the old portal. Late last week we turned on the another set of feature updates, and the new experience now has all of the features identity admins frequently use. With that update, we’ve entered our final push to GA the UX in the next ~60 days. And that’s where we need your help: We need everyone to move over to using the new portal for production tasks so we can uncover any last minute lingering issues." Please, do read Alex` blog post for more details and send us your feedback in the ‘Admin Portal’ section of our feedback forum. Let us know what you think!
